c871911a9c8694ffe3341b689868ad734019812fff6a7e1cf0e38dd050560605

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 05:16

Target

14ccbc7f29605cd8c18b505f58d77c18_JaffaCakes118.dll
Size

225KB
MD5

14ccbc7f29605cd8c18b505f58d77c18
SHA1

d636540dfc0f1161fc4cac020519daadcaac53ba
SHA256

c871911a9c8694ffe3341b689868ad734019812fff6a7e1cf0e38dd050560605
SHA512

6cc185c3b0299be5a4c7d47278636b2476eeb66ab2eeb19cf40a3dc128536cfcb85763a692b4df8b1d43d5390f0ebdbca2f2019cc769873ad45cae7986526784
SSDEEP

6144:VjvgroT0jaT+1htdZxrDYWmKTKbAy0k3iDrXjc0tIddYO:54roT0T1WWmKOcXjcRd

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4040-0-0x0000000000400000-0x0000000000459000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1144	4040	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 4040	960	rundll32.exe	83
PID 960 wrote to memory of 4040	960	rundll32.exe	83
PID 960 wrote to memory of 4040	960	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14ccbc7f29605cd8c18b505f58d77c18_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14ccbc7f29605cd8c18b505f58d77c18_JaffaCakes118.dll,#1
  2⤵
  PID:4040
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 544
    3⤵
    - Program crash
    PID:1144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4040 -ip 4040
1⤵
PID:896

memory/4040-0-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4040-1-0x0000000000B60000-0x0000000000B74000-memory.dmp

Filesize
80KB

Download